Rockwell Automation/Allen-Bradley MicroLogix 1100 L16xxx < 10.000 HTTP Remote DoS

High severity, Nessus Network Monitor Plugin ID 7198

Synopsis

A MicroLogix 1100 programmable logic controller (PLC) that is vulnerable to a denial-of-service attack has been detected.

Description

Rockwell Automation MicroLogix 1100 PLCs contain an unspecified flaw in the password mechanism that may allow a remote attacker to cause a denial of service by crashing the program. The issue is only present when the HTTP server is enabled.

Solution

Upgrade the firmware of MicroLogix 1100 L16xxx to 10.000 or later.

See Also

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/278864

Plugin Details

Severity: High

ID: 7198

Version: 1.0

Family: SCADA

Published: 4/29/2016

Updated: 8/16/2018

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

Patch Publication Date: 5/19/2011

Vulnerability Publication Date: 5/19/2011